{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T05:47:41Z","timestamp":1767332861918,"version":"3.48.0"},"reference-count":67,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U25A20429"],"award-info":[{"award-number":["U25A20429"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62332018"],"award-info":[{"award-number":["62332018"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100017939","name":"Sichuan Provincial Natural Science Foundation","doi-asserted-by":"publisher","award":["2025ZNSFSC0497"],"award-info":[{"award-number":["2025ZNSFSC0497"]}],"id":[{"id":"10.13039\/100017939","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tifs.2025.3644790","type":"journal-article","created":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T18:44:21Z","timestamp":1765997061000},"page":"373-387","source":"Crossref","is-referenced-by-count":0,"title":["Exploiting Cyber Threat Intelligence for Indirect Attacks Against Serverless Infrastructures"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-8401-2567","authenticated-orcid":false,"given":"Baojin","family":"Wang","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2716-5369","authenticated-orcid":false,"given":"Yongzhao","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6619-554X","authenticated-orcid":false,"given":"Xiong","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8244-2181","authenticated-orcid":false,"given":"Jie","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0533-055X","authenticated-orcid":false,"given":"Yijun","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"given":"Jiazhen","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9165-8331","authenticated-orcid":false,"given":"Ting","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9886-1412","authenticated-orcid":false,"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2190-0919","authenticated-orcid":false,"given":"Dian","family":"Ding","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Yi-Chao","family":"Chen","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101761"},{"issue":"8","key":"ref2","first-page":"1","article-title":"Applications of cyber threat intelligence (CTI) in financial institutions and challenges in its adoption","volume":"6","author":"-Ajala","year":"2023","journal-title":"Applied Res. Artif. Intell. Cloud Comput."},{"key":"ref3","first-page":"433","article-title":"A different cup of TI? The added value of commercial threat intelligence","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Bouwman"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2021.3122368"},{"volume-title":"Cyber Threat Intelligence Market Size and Forecast","year":"2024","author":"Research","key":"ref5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3406011"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3510412"},{"volume-title":"The State of Serverless","year":"2023","key":"ref8"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN52387.2021.9534192"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/BigData52589.2021.9671867"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.4018\/ijswis.350095"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1002\/spy2.70098"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00490-y"},{"volume-title":"Avid-2023-v003","year":"2023","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485372"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/DSN58291.2024.00025"},{"key":"ref17","first-page":"2443","article-title":"ALASTOR: Reconstructing the provenance of serverless intrusions","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Datta"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463567"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380173"},{"key":"ref20","article-title":"FaaSMT: Lightweight serverless framework for intrusion detection using Merkle tree and task inlining","author":"Li","year":"2025","journal-title":"arXiv:2503.06532"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3644991"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560629"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyae004"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2025.3550735"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3276488"},{"key":"ref26","first-page":"4087","article-title":"Guarding serverless applications with kalium","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Jegan"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM53939.2023.10228884"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid57682.2023.00049"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645436"},{"key":"ref30","first-page":"1073","article-title":"CloudFlow: Identifying security-sensitive data flows in serverless applications","volume-title":"Proc. 34th USENIX Secur. Symp.","author":"Raffa"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM67354.2025.00018"},{"volume-title":"Kaspersky Faked Malware To Harm Rivals: Ex-Employees","year":"2015","author":"Writers","key":"ref32"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.3390\/app151910755"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.23919\/cje.2024.00.342"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104079"},{"key":"ref36","article-title":"KGV: Integrating large language models with knowledge graphs for cyber threat intelligence credibility assessment","author":"Wu","year":"2024","journal-title":"arXiv:2408.08088"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102576"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/7875910"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3342112"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2024.3368130"},{"volume-title":"Serverless Function, FAAS Serverless-AWS Lambda-AWS","year":"2024","key":"ref41"},{"volume-title":"Azure Functions-Serverless Functions in Computing | Microsoft Azure","year":"2024","key":"ref42"},{"volume-title":"Cloud Functions | Google Cloud","year":"2022","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-022-00347-w"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.53841\/bpsqmip.2024.1.37.59"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.4135\/9781849208574.n4"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1177\/1525822X05279903"},{"volume-title":"What is Soar","year":"2023","author":"Network","key":"ref48"},{"volume-title":"General Data Protection Regulation (GDPR)","year":"2018","author":"Union","key":"ref49"},{"volume-title":"Threatbook Online Sandbox","year":"2018","key":"ref50"},{"volume-title":"Abuse.Ch\u2014Fighting Malware and Botnets","year":"2021","key":"ref51"},{"volume-title":"Maltiverse-actionable Threat Intelligence","year":"2022","key":"ref52"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/cw.2019.00058"},{"volume-title":"Cisco Talos Intelligence Group-Comprehensive Threat Intelligence","year":"2024","key":"ref54"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3056999"},{"volume-title":"Cobalt Strike-Adversary Simulation and Red Team Operations","year":"2012","key":"ref56"},{"volume-title":"Metasploit | Penetration Testing Software, Pen Testing Security | Metasploit","year":"2003","key":"ref57"},{"volume-title":"Sliver | Bishop Fox","year":"2024","key":"ref58"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0067"},{"volume-title":"Cobalt Strike-Red Canary Threat Detection Report","year":"2023","author":"Canary","key":"ref60"},{"volume-title":"Virustotal","year":"2004","key":"ref61"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3226052.3226056"},{"volume-title":"Home\u2014Openfaas-Serverless Functions Made Simple","year":"2022","key":"ref63"},{"volume-title":"Top 13 Aws Lambda Alternatives for Serverless Computing","year":"2024","key":"ref64"},{"volume-title":"Similarweb Digital Intelligence: Unlock Your Digital Growth","year":"2024","key":"ref65"},{"volume-title":"Ai-Powered Monitoring\u2014Website Monitoring, Website Monitoring Service, All-in-One Monitoring: Site24x7","year":"2024","key":"ref66"},{"volume-title":"Report Abusive Activity From Amazon Web Services Resources","year":"2019","key":"ref67"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/11313711\/11301759.pdf?arnumber=11301759","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T05:44:06Z","timestamp":1767332646000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11301759\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":67,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3644790","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2026]]}}}